Book Image

Learn Ethical Hacking from Scratch.

By : Zaid Sabih
5 (1)
Book Image

Learn Ethical Hacking from Scratch.

5 (1)
By: Zaid Sabih

Overview of this book

This book starts with the basics of ethical hacking, how to practice hacking safely and legally, and how to install and interact with Kali Linux and the Linux terminal. You will explore network hacking, where you will see how to test the security of wired and wireless networks. You’ll also learn how to crack the password for any Wi-Fi network (whether it uses WEP, WPA, or WPA2) and spy on the connected devices. Moving on, you will discover how to gain access to remote computer systems using client-side and server-side attacks. You will also get the hang of post-exploitation techniques, including remotely controlling and interacting with the systems that you compromised. Towards the end of the book, you will be able to pick up web application hacking techniques. You'll see how to discover, exploit, and prevent a number of website vulnerabilities, such as XSS and SQL injections. The attacks covered are practical techniques that work against real systems and are purely for educational purposes. At the end of each section, you will learn how to detect, prevent, and secure systems from these attacks.
Table of Contents (24 chapters)
22
Discovering Vulnerabilities Automatically Using OWASP ZAP

Stored XSS

Now let's have a look at a stored XSS example. Stored XSS is very similar to reflected XSS—it allows you to inject JavaScript code into the browser. The code is executed on the users that visit the page. The only difference is that, with reflected XSS, we have to send the URL to our target, so the target has to actually click on a URL for the exploit to run. With stored XSS, the code will be stored into the database—that is, into the page—so that every time a person runs that page, they will see our code and our code will be executed, so we won't need to interact with any users or send them anything. Therefore, this could be much more dangerous than reflected XSS.

So, let's have a look at this. Click on the XSS stored tab on the left. We will see a page, as shown in the following screenshot:

The page only allows us to add a message...